Clips November 21, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips November 21, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 21 Nov 2002 10:18:51 -0500
ARTICLES
Massive database dragnet explored
Tech Insider: Total information unawareness
Homeland Department May Take a Year to Take Shape
Free Web Research Link Closed Under Pressure From Pay Sites
Internet Sites Delete News of Sales by Big Retailers
Digital Cinema Shelves Plans to Sell Projectors
Evans named vice chair of CIO Council
Millions vulnerable to Microsoft Web flaw
Commander lays out IT challenges
Career Channels: Federal IT job openings
*************************
Mercury News
Massive database dragnet explored
ANTI-TERRORISM PROJECT ALARMS PRIVACY ADVOCATES
By Jim Puzzanghera
Mercury News Washington Bureau
WASHINGTON - Its name is Orwellian, its head has a notorious past, and its
goal has civil libertarians and computer-privacy advocates in a frenzy: Let
the government troll vast databases of credit-card transactions, medical
records and other personal information for signs of terrorist activity.
As more is becoming known about the Total Information Awareness System, a
Pentagon research project headed by former Iran-Contra figure John
Poindexter, more people are becoming alarmed about the implications.
The Pentagon tried to allay those concerns Wednesday, stressing that it is
only ``an experimental prototype'' and that Poindexter's involvement is
limited to the research. But Sen. Dianne Feinstein, D-Calif., said she
plans to introduce legislation to ensure that the project does not infringe
on the privacy rights of Americans.
``This is a panoply, which isn't carefully conscribed and controlled, for a
George Orwell America,'' Feinstein told the Mercury News. ``And I don't
think the American people are ready for that by a long shot.''
The proposed system is the brainchild of Poindexter, the director of the
Information Awareness Office of the Defense Advanced Research Projects
Agency, the Pentagon's risk-taking research division that created the Internet.
Poindexter declined to be interviewed, but at two defense-technology
conferences in recent months he has outlined how the system would sift
through a variety of commercial and government databases in the United
States and abroad to identify terrorist plans.
``We must find the terrorists in a world of noise, understand what they are
planning and develop options for preventing their attack,'' Poindexter said
at a conference in Anaheim in August in which he said the system would also
``ensure that the private information on innocent citizens is protected.''
But the specter of the government analyzing records of everyday activities
has conjured images of the all-knowing Big Brother government of Orwell's
novel ``1984.'' Earlier this week, more than 30 civil liberties groups
wrote to Senate leaders, urging them to stop further development of the system.
``This is a plan for a very ambitious, comprehensive, all-encompassing
surveillance system,'' said Lee Tien, an attorney with the San
Francisco-based Electronic Frontier Foundation. ``There have been plenty of
abuses of power with much smaller scale systems. This one would be enormous.''
With controversy swirling around the project, Pete Aldridge, the Pentagon's
undersecretary for technology, said Wednesday that the research is being
done largely with ``fabricated'' data to avoid privacy issues. If the
system proves feasible it would be used by intelligence and law enforcement
agencies in conjunction with existing laws to protect individual privacy.
``If you were a terrorist, and you wanted to conduct a terrorist act, you
would undertake certain kind of transactions to do that. One, you have to
enter the country, and you would probably . . . get a driver's license or
you would maybe take lessons in airplanes,'' Aldridge said. ``The bottom
line is this is an important research project to determine the feasibility
of using certain transactions and events to discover and respond to
terrorists before they act.''
He also stressed that Poindexter's involvement ends with the research.
Poindexter was national security adviser to former President Reagan from
1985-1986 and was a key figure in the covert plan known as Iran-Contra to
trade weapons for the Americans that Iran held hostage. He was convicted of
five felony counts of lying to Congress, destroying official documents and
obstructing the congressional inquiry into the affair. His convictions were
overturned on appeal because testimony given by Poindexter to Congress
under a grant of immunity was unfairly used against him at trial.
In the past week, editorials in the New York Times and the Washington Post
have questioned the wisdom of letting Poindexter direct the project. But
Aldridge said Poindexter approached the Pentagon with the idea after the
Sept. 11, 2001, attacks.
``Once the tool is developed, John will not be involved,'' Aldridge said.
``But it's his enthusiasm and his volunteering of this idea, which is why
we developed and started to fund it.''
The program will receive $10 million in the Defense Department's 2003
budget and its implementation is at least ``several years away,'' Aldridge
said. But some experts said the system may not be feasible.
A study released last month concluded that such data-mining projects were
not promising, said Philip Zelikow, the executive director of the Markle
Foundation Task Force on National Security in the Information Age, which
conducted the study.
``There is about this a certain aura of the search for the philosophers'
stone, if we can just find the magic algorithm and get access to enough
databases the truth will emerge,'' said Zelikow, a former National Security
Council staffer.
Still, Jerry Berman, executive director of the Center for Democracy &
Technology, said now is the time for Congress to consider the implications
of such a project because there are few limitations on government access to
commercially available databases. And other database-mining initiatives are
under way by the FBI and the new Transportation Security Administration.
``We are going into uncharted water,'' he said. ``The research project
needs to be watched.''
That's what Feinstein said she intends to do. She talked with Poindexter on
Tuesday, and Pentagon officials are slated to brief Senate staffers on the
project today.
``My belief is it's one thing to require people who sell explosive
materials . . . to require them to provide the government with that
information,'' she said. ``It's another thing to look through everybody's
credit-card purchases, finances, loans, everything else to see if they've
bought any of this stuff.''
****************************
Government Executive
Tech Insider: Total information unawareness
By Shane Harris
sharris@xxxxxxxxxxx
In the past week, privacy advocates and media commentators have sounded an
alarm, saying that the Defense Department is building a new computer system
to spy on personal transactions such as credit card purchases and e-mails.
Their fears are unfounded and overblown.
At issue is a project called the Total Information Awareness (TIA) system,
run by the Defense Advanced Research Projects Agency (DARPA), the research
and development arm of the Pentagon that takes technologies in their
prenatal stage and turns them into prototypes, usually over the course of
three to four years per project.
The goal of the TIA system is clear, but far from simple: To predict
terrorist attacks before they happen. Unfortunately, almost nothing has
been published describing what the TIA system is, and more importantly,
what it isn't, so that citizens can make up their minds about whether this
project is advisable or even feasible.
Instead, assumptions have been based on misguided or false information, and
attention has focused more on the fact that the project is being managed by
controversial Iran-contra scandal figure John Poindexter than on DARPA's
historic reputation as a sponsor of scientific research. None of this
anxiety has furthered the debate over the proper role of technology and
intelligence in homeland security.
So what is the TIA system? Contrary to recent assertions, it isn't a new
computer. Rather, it's a conceptual prototype, a design for how different
technological components -- some already invented -- might one day be integrated
into a single system that would be used to predict terrorist attacks. The
TIA system is also the top project in DARPA's new Information Awareness
Office, which was formed in January to consolidate the numerous research
and development projects the agency was already running in the areas of
counter-terrorism and asymmetric warfare.
The project is at least three years from completion. When it's finished,
DARPA won't build anything, said Robert Popp, deputy director of the
Information Awareness Office. Instead, individual agencies that might use
the TIA system would have to decide how and for what purpose. And, Popp
stressed, it would be up to Congress to address privacy laws governing the
use and collection of data that the system might encounter.
So how would the system work? To plan and execute their attacks, Popp said,
terrorists must conduct transactions -- to buy supplies, purchase airline
tickets, make phone calls, and so on. Those transactions leave a record.
Much the same way sonar recognizes the acoustic signature of a submarine,
the TIA system would use a number of technological components, as well as
human analysis, to look at transaction records for patterns that might
point to a terrorist scenario.
As a broad example, consider the perpetrators of the Sept. 11 attacks. Some
of their names were on government lists of suspected terrorists. Many of
them had bank accounts and residences in the United States. If federal
officials could have been alerted that some of the men were placing calls
to one another, enrolling in the same flight schools and purchasing airline
tickets for the same day, a proverbial red flag might have given them away.
Before those dots of information can be connected, they have to be found,
and that's the first step of the TIA system. It would use a variety of
technological components -- such as information search-and-retrieval tools or
programs that automatically translate recorded messages -- to sift out related
dots from the daunting volume of information held mostly in private sector
databases.
No one knows yet what technologies would be included in the system or what
repositories would be searched, Popp said. DARPA is considering a number of
devices, some of which are already being used by the military. U.S.
soldiers in Guantanamo Bay, Cuba, for example, use electronic translators
to assist in the interrogation of suspected al Qaeda members and Taliban
detainees. The device is a DARPA project, and the technology it employs
might one day be used in the TIA system, Popp said.
Even if TIA eventually develops into an integrated system, computers will
never be able to determine who is or isn't a terrorist, Popp says. Rather,
the unconnected dots would be given to a team of experts in terrorism from
a variety of federal agencies. It would be their job to make the connections.
Popp likens this process to having many pieces of a jigsaw puzzle, but not
the picture on the puzzle box. The team would try to create that picture,
using what they know about past terrorist events, and by challenging
themselves to think unconventionally about what the data could mean.
Ultimately, analysts would narrow down their hypotheses into a few
"plausible futures," Popp says; in other words, the most likely outcomes
based on the data and the analysis. Then, the analysts would give their
predictions to senior policy-makers -- the head of the CIA or the National
Security Adviser, for instance -- who would have to make a decision about
whether to act on the picture the analysts had painted.
The idea that a computer could automatically make these judgments is not
only incorrect, but hard to imagine. Quite simply, the government doesn't
have a large cache of information on every man, woman and child in the
country. Furthermore, what personal information different agencies do
collect is stored in different databases, and access to it is frequently
restricted by law. And today, the government isn't advanced enough to
create an all-powerful computer such as the one critics of the TIA program
envision.
That's not to say the government couldn't one day build a highly
sophisticated system to intuit people's behavior based on previous
patterns, although many companies have tried and failed to do so. DARPA
probably would be the best agency to undertake such an effort. But that
isn't what's happening today.
Nevertheless, New York Times columnist William Safire last week lambasted
the TIA system, asserting that "if the Homeland Security Act is not amended
before passage," the government would begin tracking people's magazine
subscriptions and the pharmaceuticals they use. But there isn't a single
reference to the TIA system or the Information Awareness Office in Homeland
Security legislation passed by Congress, and the future of DARPA isn't
connected to the bill.
Popp acknowledges the validity of concerns about accessing information
normally off limits to the government. DARPA officials are experimenting
with ways to "anonymize" data that the system would use. For example,
individuals' names and personal information might never be associated with
credit card transactions when seen by analysts or processed by a computer.
Analysts might only see a number, and the name behind it could only be
accessed by senior officials under specific circumstances.
Admittedly, even protections like these won't satisfy everyone. But the TIA
system is years from becoming reality, and given the intense scrutiny of
DARPA's work, it's unlikely that development of the system will continue
far from public view. Indeed, journalists were writing about TIA as early
as last summer. Congressional hearings on the system are all but certain in
the next legislative session.
It's hard to imagine, though, that DARPA, with its history grounded in the
advancement of science and research, is nefariously plotting behind the
curtain to build Big Brother. And even though the effort is headed by a
controversial figure, not even John Poindexter is crafty enough to get
dozens of federal agencies to electronically share what scant information
about terrorists they do possess. If he were, he'd be the first choice for
secretary of the Homeland Security Department.
Plenty of information about TSA is available. Popp has been talking to the
press about the system for months, and has been speaking about the project
at public gatherings. You can read all about the system on DARPA's Web
site. As work progresses, and the debate over the project is conducted,
those with the responsibility to inform the public would do well to consult
the facts, lest they be caught unaware.
********************************
Washington Post
Homeland Department May Take a Year to Take Shape
Bush to Nominate Ridge as Secretary; Nightmares Seen in Blending 22
Agencies' Cultures and Workforces
By Mike Allen and John Mintz
Thursday, November 21, 2002; Page A08
Lawmakers and White House officials warned yesterday that consolidating 22
federal agencies into the new Department of Homeland Security will take as
long as a year, and that it may be much longer before workforces and
cultures can be blended into a smoothly functioning agency devoted to
defending the nation from terrorism.
"There's still a lot of . . . anxiousness or concern about how it will
work," said Senate Minority Leader Trent Lott (R-Miss.). "It's going to
take weeks, months, maybe even years to get this to really work the way it
should."
Administration officials said they will move quickly to begin merging the
agencies after Bush signs the homeland security bill next week, but
acknowledged that many obstacles remain. "We want to move toward one
culture," a White House official said. "We have to convince people that
change isn't bad."
But labor unions remain furious about the plan, saying the legislation that
passed the Senate on Tuesday contained virtually all of President Bush's
demands for management flexibility over workplace conditions. The American
Federation of Government Employees, which represents 32,000 of the 45,000
union workers who will be part of the department, ran a notice on its Web
site yesterday saying, "Remember your workplace rights -- because you're
about to lose them!"
Beth Moten, AFGE's legislative director, said the union remains concerned
that "the heart and soul of the civil service system" is in jeopardy, and
is encouraging members to meet with House and Senate members back home over
the holidays to try to keep heat on the administration.
Unions are not the only skeptics. Michele Waslin, senior immigration policy
analyst at the National Council of La Raza, which works to improve
opportunities for Hispanics, said the plans to include the Immigration and
Naturalization Service in the department "take a broken agency and divide
it into different pieces within a huge new agency."
The General Accounting Office, Congress's investigative arm, warned in a
recent report that putting together 177,000 employees from the disparate
departments will cause disruption for years, and possibly degrade security,
at least in the short term.
"The idea that this is going to be a homogeneous, well-oiled machine in one
day, one month, one year after the 'merger' happens or the department is
born is just totally unrealistic," U.S. Comptroller General David M.
Walker, who runs the GAO, said in a recent interview with The Washington Post.
Bush will announce his plans to nominate Tom Ridge, his homeland security
director, as the department's first secretary, when he signs the bill
authorizing the largest government reorganization in more than five
decades, White House officials said.
Plans call for Ridge, his deputies and their staffs to be housed initially
in leased quarters in the Washington area. About 18,000 of the 177,000
employees who will join the agency work in the Washington area, and options
are under review to ultimately place them in buildings based on the four
sub-agencies in the new department.
The officials said Bush will also name several of Ridge's deputies in
coming weeks. Two are Gordon R. England, the current Navy secretary and a
former high-ranking executive of Lockheed Martin Corp., and John Gannon, a
former deputy director of the CIA, who has been helping run a transition
team for the department, the officials said.
A third candidate for a top job is Asa Hutchinson, currently the
administrator of the Drug Enforcement Administration and a former House
member from Arkansas.
The first step in the process of establishing the agency calls for the
administration to submit to Congress a detailed master plan for how it will
accomplish the reorganization.
Bush has not yet signed off on the document, and administration officials
are poring over the bill just passed by the Senate to determine how it
changes their plans.
In recent days, for example, the Senate inserted numerous rules and
internal reporting requirements involving treatment of immigrants and visa
holders to improve service by the immigration agency.
Administration officials are studying how these changes affect their
consolidation plans.
Once Bush sends the master plan to Capitol Hill, the administration will
have 90 days to plan for the creation of the department, with emphasis
placed on integrating computer and e-mail systems so the employees can
communicate, and on consolidating various agencies' terrorist watch lists.
Under the law, the administration will have a year to bring together the 22
agencies. The department will consist of four sub-agencies -- border and
transportation security, emergency preparedness, technology and
intelligence -- as well as the Coast Guard and Secret Service, which will
stand alone.
In addition to the 125 employees of Ridge's office, 80 officials -- most of
them from the agencies to be merged -- have been working at a homeland
security transition office in downtown Washington.
****************************
Washington Post
Free Web Research Link Closed Under Pressure From Pay Sites
By Jonathan Krim
Thursday, November 21, 2002; Page E01
The Energy Department has shut down a popular Internet site that catalogued
government and academic science research, in response to corporate
complaints that it competed with similar commercial services.
Department officials said abandoning PubScience, an electronic service that
cross-indexed and searched roughly 2 million government reports and
academic articles, will save the government $200,000 a year because two
equivalent services exist in the private sector.
The decision alarmed researchers in and out of the federal government, who
worry that services operated by other federal agencies might be forced to
give way to private gatekeepers that would control access to information
and research, much of which was created with public money. Government
agencies maintain extensive databases and search engines for information on
medicine, agriculture, finance and other disciplines.
"What we worry about is what's next," said Charles A. Hamaker, associate
librarian at the University of North Carolina at Charlotte.
PubScience, which began on paper in the late 1940s and went online in 1999,
offered one-stop shopping for people looking for literature on energy and
science topics.
Searching on PubScience was free, and the service provided brief summaries
of articles or reports that related to requested topics. The service would
link either to full texts that were or to a payment system for information
that was for sale.
Two commercial equivalents, Scirus and Infotrieve, operate much the same
way. They are owned by database companies that publish or make available
academic literature for a fee, but the search function is free.
Energy Department officials acknowledge that they were lobbied frequently
by the sites' owners and their trade group, the Software and Information
Industry Association. But officials said they had been tracking the
development of private-sector services carefully to be sure that similar
services were offered at no cost before closing PubScience.
"From DOE's point of view, this is a success," said Walter L. Warnick,
director of the Office of Scientific and Technical Information, which put
together and managed the site. "We have created a model that others are now
pursuing. Our Web patrons are now being served without additional expense
to the government."
Hamaker and others disagreed. They said they fear that offering search
functions free is a way for the database companies to lure users to become
dependent on their services.
"It's the heroin pusher's approach to marketing," said Martin Blume, editor
in chief of the American Physical Society, which publishes several journals
on physics.
In the case of Scirus, Hamaker said the search engine pushes users toward
content owned by its corporate parent Elsevier Science, part of a European
database company. An Elsevier spokesman referred questions to the industry
trade association. Infotrieve did not return phone calls seeking comment.
Researchers acknowledge that sophisticated research institutions generally
would rely on premium databases such as ISI Web of Science, operated by
Thomson Corp. of Canada. The service can cost as much as $100,000 a year.
But they say that for the general public and researchers at small
institutions such as public libraries, PubScience was an invaluable tool
for surveying what information existed on a given topic.
"For general awareness of what was available, it was a bargain to the
world, a gift to the world," Hamaker said.
Researchers also wonder why companies that sell information would want to
diminish the number of search opportunities that lead to articles that
people might purchase.
David LeDuc, public policy director of the SIIA, said the issue is whether
there should be publicly funded competition for commercial search services.
LeDuc said free government services could drive out corporate competition,
thus reducing the choice available to consumers. He said he doubts that
Scirus or Infotrieve intend to start charging for searches.
"That's not how the Internet works," he said, arguing that an increasing
amount of information is available online free. But ultimately, he said,
the market should decide.
LeDuc said the software association is looking at other publicly funded Web
sites after its success with PubScience, whose closing was reported last
week by Federal Computer Week. "We monitor what governments do," LeDuc
said. "There are two [services] that we've been made aware of. . . . They
are both in the proposed stages."
Emily Sheketoff, executive director of the American Library Association's
Washington office, said the software group's philosophy will lead to more
expensive access to information already paid for by taxpayers.
"Our fear is that this is the beginning of privatizing government services
for profit," she said.
In addition to government reports, many academic studies and journals are
enabled by public funding of public colleges and universities.
Private companies are being allowed to "take information that has been
created with tax dollars, they turn around, make some slight little change,
and then they start selling it," Sheketoff said.
Other government research arms also are concerned.
Kent A. Smith, deputy director of the National Library of Medicine and
chairman of an interagency group of federal providers of scientific and
technical information, said the group was not happy that PubScience was
taken down.
"We believe there is a need to ensure open access for the public to
information created by taxpayer dollars," Smith said. "We think that's
essential."
******************************
New York Times
November 21, 2002
Internet Sites Delete News of Sales by Big Retailers
By AMY HARMON
Several Internet shopping sites have removed information about
post-Thanksgiving sales after major retailers including Wal-Mart and Target
threatened legal action under a digital copyright law.
Legal experts said invoking a copyright law in this context was unusual,
because the information appeared to be a set of facts rather than the kind
of original or expressive work that is typically covered by copyright law.
The Supreme Court has ruled that telephone white pages directories, for
instance, do not fall within copyright law.
But the retailers said the law enabled them to exercise control over their
lists of products and prices even when it leaks onto the Internet ahead of
its intended release.
"We believe copyright covers a compilation of facts," said Tom Williams, a
spokesman for Wal-Mart, which sent out at least seven letters to Web sites
over the last week. "It's our data about our products that we put out, and
we don't want customers to be confused."
Among visitors to the discussion forum of FatWallet.com, the removal of
information which included lists of products and prices apparently
designated to appear in sales circulars on Nov. 29 was greeted with
accusations of censorship. "While I believe it would be very difficult for
them to claim a copyright on this, quite frankly you've got to pick and
choose what your battles are," said Tim Storm, FatWallet's owner. "Going up
against Wal-Mart, well, it can be very expensive to be right."
Mr. Storm said he also received letters from Target, BestBuy and Staples.
He removed the information immediately.
Jason Wolfe, the operator of the MyCoupons.com site, said he did the same
after receiving the Wal-Mart letter. But he did not comply with the
company's request for the personal information of whoever had posted the
information on the site. "I said I was not going to give that to them
unless they supplied me with a subpoena," Mr. Wolfe said.
At DealExpert.net, the site owner posted the letter he received from
Wal-Mart with a note asking site visitors not to post information from any
more advertisements for Black Friday, as the day after Thanksgiving is
known among retailers.
Under the statute invoked by the retailers, the Digital Millennium
Copyright Act, most Web sites and Internet service providers are immune
from prosecution as long as they remove infringing material after being
notified of its presence by a copyright holder.
Some legal experts have voiced concern that the law provides little
incentive for Internet companies to stand up for material that may be
protected by the First Amendment.
"The smaller the company is on the defending side, and the bigger the
company on the challenging side, the more likely it is that people will
take down information even if it might be fair use," said Pam Samuelson, a
law professor at the University of California at Berkeley.
*******************************
Los Angeles Times
Digital Cinema Shelves Plans to Sell Projectors
It will suspend sales to movie theaters while a group of Hollywood studios
hammer out technical standards and business models.
By P.J. Huffstutter
November 21 2002
The sluggish pace of Hollywood's transition from celluloid to digital
projection systems has prompted Technicolor Digital Cinema to put on hold
its plans to sell equipment to movie theaters, the company said Wednesday.
The Burbank-based company, a joint effort between Technicolor and cell
phone giant Qualcomm Inc., said its decision to cut its business
development and marketing groups is an effort to please a consortium of
Hollywood studios that are trying to hammer out technical standards and
business models for digital cinema.
"The [consortium] asked several vendors to wait because there's no
technology standards in place yet," said Dana Banks, a spokeswoman for
Technicolor, the leading film production and distribution company. "Until
we have a standard, we have a staff that has nothing to do."
Technicolor Digital Cinema has more than two dozen high-tech projection
systems installed in theaters nationwide, and the company plans to maintain
them.
The company cut two staff positions but declined to say how many employees
remain in the unit. Technicolor is a Camarillo-based division of Thomson
Multimedia.
Other digital cinema vendors, however, said Wednesday that they are pushing
forward with their efforts to roll out new projection systems in the U.S.
and overseas.
Technicolor rival Avica Technology Corp. of Santa Monica has installed
numerous systems in Asia this year and expects to continue to expand in
that market, said President and Chief Executive Andrew Maltz.
"We were never contacted by the consortium about this," Maltz said.
Officials with the Hollywood-based consortium, known as the Digital Cinemas
Initiatives, could not be reached for comment.
Instead of rolling film through a projector, the new breed of equipment
projects digitally rendered images onto big screens. Instead of using
celluloid reels, the machines allow digital files to be sent electronically
to theaters through high-speed data lines, over satellite transmissions, or
on computer discs or digital videotape.
Advocates of the technology say it will rid movies of visual problems,
including wear that affects celluloid prints over time and scratches and
other on-screen flaws caused by mechanical projectors.
The seven major studios created the Digital Cinemas Initiatives in May to
establish technology standards for digital movie projectors. They also
hoped to build a business model that will make it profitable to distribute
digital films electronically to the more than 100,000 theaters worldwide.
By eliminating film, studios expect to save hundreds of millions of dollars
in film-print production and distribution costs.
But the conversion costs are considerable. One of the biggest roadblocks is
determining who will pay the $150,000 fee for each digital projector, along
with the more than $20,000 per screen for the computer that stores and
feeds the movies. For Regal Entertainment Group, the nation's largest movie
theater chain with more than 5,800 screens, the tab could exceed half a
billion dollars.
And though studios could save up to $1 billion in the U.S. alone by
replacing film with digital files, the financial benefits to theaters are
more subtle. Digital projectors can be operated and maintained with fewer
employees, and theaters could use the equipment to show additional types of
programming, such as sporting events and rock concerts.
All this leaves the consortium with much to figure out. Consortium
officials have said they expect to pick an engineering standard for digital
cinema by the end of 2003.
"There's a prevailing view that, in film, we have an elegant technology
that we know how to use well and people are comfortable with," said Charles
S. Swartz, executive director of the Entertainment Technology Center at
USC. "It's going to take time for people to replace that technology and
agree on what is going to be better than film."
*************************************
Government Computer News
11/20/02
Evans named vice chair of CIO Council
By Richard W. Walker and Jason Miller
Energy Department CIO Karen Evans this afternoon was named as the new vice
chairwoman of the CIO Council. She replaces outgoing Treasury CIO James
Flyzik, who is retiring from government next month.
"It's a big job," Evans said of her council role. "Jim has done an
excellent job. I aspire to the same level of excellence."
The announcement came during the council's meeting in Washington, which
included a reception honoring the winners of the first CIO Council Awards.
They were:
The Virtual IT Job Fair, sponsored in April by the Office of Personnel
Management and the CIO Council's Workforce and Human Capital for IT
Committee. More than 18,000 job seekers completed applications online, and
the job fair site received more than 2 million hits.
The MapStats team, sponsored by the Census Bureau. The portal, at
www.fedstats.gov/qf, displays statistical information from regional, state,
county and metropolitan viewpoints.
The Assistive Technology team, sponsored by the Education Department. The
program ensures that disabled Education employees get the assistive
technology they need to do their jobs. The team conducts systematic reviews
to ensure Section 508 compliance and sets baseline standards for software
and hardware.
The Web Medical Appointments team, sponsored by the Navy. Patients can
schedule medical appointments on the Web, which has relieved the phone
workload and reduced the number of no-shows. The concept has served as a
model across the Defense Department.
***************************
CNET News.net
Millions vulnerable to Microsoft Web flaw
By Robert Lemos
Staff Writer, CNET News.com
November 20, 2002, 11:26 AM PT
A software bug in a common component of Microsoft Web servers and Internet
Explorer could leave millions of servers and home PCs open to attack,
security researchers said Wednesday.
The vulnerability, found by security company Foundstone and confirmed by
Microsoft, could allow an Internet attacker to take over a Web server,
spread an e-mail virus or create a fast-spreading network worm.
"There are millions of systems and clients that will be affected by this,"
said George Kurtz, chief executive of Foundstone. "This is huge."
Foundstone originally discovered the flaw and worked with Microsoft to
develop a patch.
The flaw, in a component of Windows that allows Web servers and browsers to
communicate with online databases, could be as widespread as the flaws that
allowed the Code Red and Nimda worms to spread, said Kurtz. It likely
affects the majority of the more than 4.1 million sites hosted on
Microsoft's Internet Information Service (IIS) software. In addition,
millions of Windows 95, 98, Me and 2000 PCs could also be vulnerable to the
software bug.
Microsoft rated the flaw as critical under its new vulnerability evaluation
system that is intended to lessen the number of flaws that receive a
"critical" rating to help administrators identify the most important
vulnerabilities to patch.
"There is a possibility that it might be wormable," said Lynn Terwoerds,
security program manager for Microsoft's security response center. "It is
clearly critical...we want the patch uptake to be really high."
The flaw affects IIS Web servers using the Microsoft Data Access Component
(MDAC) to talk to a database. Servers running the latest software, MDAC
2.7, are free from the security hole, as are servers on which an
administrator has run the IIS Lockdown Tool, an application that helps
secure systems.
Because the MDAC software is not installed by default, at least one
security researcher argued that the flaw wouldn't be as widespread as
Foundstone claimed.
"I think that there are enough servers that use the component that some are
going to be broken into," said Marc Maiffret, chief hacking officer for
vulnerability assessment firm eEye Digital Security. The company found the
IIS flaw that led to the Code Red worm, which compromised as many as
400,000 servers.
"Default flaws are a much worse thing," he said. "Rather than having to
download a piece of (vulnerable) software, you just set up an IIS Web
server, and it's vulnerable."
Windows computers, except those running Windows XP, are also vulnerable if
Internet Explorer 5.01, 5.5 and 6 are present, as they also use the data
access component. However, attacks on such systems are harder to
accomplish, Terwoerds said. Outlook Express 6 and Outlook 2000 are immune
to attack in their default configurations, and other versions of the mail
client can be made safe by using the Outlook E-mail Security Update, she said.
Microsoft has posted information about the flaw and how to secure Windows
PCs and Web servers in an advisory on its TechNet site.
Getting all system administrators to patch their systems will be extremely
difficult.
Recent research has shown that, in the case of the Linux Slapper worm, only
about 40 percent of administrators patched their systems in the 7 weeks
before the Slapper worm was released into the Internet. After the worm
started spreading, a new surge of patching resulted in another 25 percent
to 30 percent of systems being patched. However, the remaining third of
computer systems remains vulnerable.
While a worm or attack program that uses this particular vulnerability
hasn't appeared on the Internet yet, it's only a matter of time, said
Foundstone's Kurtz, who urged system administrators to patch immediately.
"Sometimes the security tsunamis of the world prompt people to patch
things, and that's not good for security," he said. "It is good to be
proactive."
*****************************
Federal Computer Week
Commander lays out IT challenges
BY Dan Caterinicchia
Nov. 20, 2002
The commander of U.S. Pacific Command (Pacom) has a few problems that he
thinks information technology can do a better job of helping to solve.
Navy Adm. Thomas Fargo said that his command, like the rest of the Defense
Department, has been charged with minimizing its footprint without
affecting combat capabilities as it continues fighting the global war on
terrorism, and he thinks IT can help.
Speaking Nov. 19 at the AFCEA International's TechNet Asia-Pacific 2002
Conference and Exposition in Honolulu, Fargo said there are five main
command, control, communications, computers, intelligence (C4I) and
security challenges that IT can help Pacom overcome:
* Architecture to create a clear blueprint to integrate solutions for
end-to-end decision-making capabilities.
* Efficiency, from business processes to workforce numbers.
* "Reachback" capabilities to connect deployed forces to the best
information source for their needs.
* Information sharing with joint and coalition forces.
* Information assurance for increasing information agility without
compromising security.
The Global Information Grid (GIG), which is designed to provide DOD with a
working framework for moving to network-centric operations, is a great
start in helping to solve the architecture problem, but it needs to be able
to better incorporate service-specific solutions as they are developed,
Fargo said. To aid in that effort, Pacom is using its new headquarters as a
pilot for joint information capabilities that maps its C4I solutions onto
the GIG.
"It's a small-scale pilot as to how to put the framework [together] and
establish an architecture, and put systems on that are seamless within that
framework," Fargo told Federal Computer Week.
In the efficiency realm, he said, "Only half of the promise of IT is being
met." He said that's because his chief information officer's office is
outsourcing many projects, but the team is not getting any smaller and
neither is the space being taken up by IT equipment.
"The J6 [Communications Electronics Division] is doing a lot of
contracting, but not much contracting," he said, using two meanings and
pronunciations of "contracting" for emphasis. He added that the Navy Marine
Corps Intranet program is helping reduce the number of servers within
Pacom, but that only affects about one-third of those machines. "We have
got to streamline and determine what the return on investment really is."
Fargo said weather information is the best example of how "reachback" could
enhance combat capabilities without increasing DOD's footprint. He said
that weather data should be available as an icon on a computer as opposed
to a separate command, and IT can serve as the link between the forward
deployed forces and the best information provider for them, whether it's
Pacom, an air operations center or another source.
Pacom and DOD are doing a better job of sharing information internally and
with coalition forces, and that's because IT solutions are increasingly
being built with those environments in mind, he said, adding that U.S.
allies must take on a "greater share of the security burden, not less," in
the future.
Fargo added that information assurance alerts are showing up on his desk
more frequently, and he asked industry to help solve that problem and the
others.
"IT - both in its capabilities and its hardware - are fundamental to
winning this global war on terrorism," he said.
***************************
Federal Computer Week
Career Channels: Federal IT job openings
Information Technology Specialist
Series/Grade: GS-2210-13
Location: Denver, Colo.
Announcement #: HAC-02-68
Closing Date: Dec. 4, 2002
Contact: Department of Veterans Affairs, HR/05, 300 S. Jackson St. Ste.
444, Denver, CO 80209; D. Newton 303-331-7885
Supervisory Information Technology Specialist
Series/Grade: GS-2210-14
Location: Washington, D.C.
Announcement #: W-OFO-FAIM-2003-0005
Closing Date: Dec. 11, 2002
Contact: Department of Agriculture, FSIS, 1400 Independence Ave. SW, Rm.
3143 SOAGRBG, Washington, D.C. 20250; P. McFarland 202-720-6617
Applications Developer
Series/Grade: GS-2210-14
Location: Washington, D.C.
Announcement #: 020286
Closing Date: Nov. 25, 2002
Contact: Library of Congress, 101 Independence Ave. SE, Staff/Recruit
Group, LM-107, Washington, D.C. 20540; 202-707-5627
Electronic Engineer
Series/Grade: GS-1550-7/13
Location: Washington, D.C.
Announcement #: IT 03-08
Closing Date: Dec. 06, 2002
Contact: Department of Veterans Affairs, HR, 810 Vermont Ave. NW,
Washington, D.C. 20420; Jim Kirk 202-273-9722
Statistician
Series/Grade: GS-1530-9/11
Location: Washington, D.C.
Announcement #: 2002-79
Closing Date: Nov. 26, 2002
Contact: Courts Services & Offender Agency, 808 17th St. NW, Ste. 820,
Washington, D.C. 20006-3944
Statistician
Series/Grade: GS-1530-12/13
Location: Washington, D.C.
Announcement #: 2002-78
Closing Date: Nov. 26, 2002
Contact: Courts Services & Offender Agency, 808 17th St. NW, Ste. 820,
Washington, D.C. 20006-3944
Computer Assistant
Series/Grade: GS-335-7
Location: Ft. Gordon, Ga.
Announcement #: SCDZ030098446
Closing Date: Nov. 29, 2002
Contact: Department of Army, SC Staff Div, Sparkman Complex Bldg., Redstone
Arsenal, AL 35898; Carmen Davis 706-791-3956
Computer Assistant
Series/Grade: GS-335-7
Location: Ft. Gordon, Ga.
Announcement #: SCDZ030098452
Closing Date: Nov. 27, 2002
Contact: Department of Army, SC Staff Div, Sparkman Complex Bldg, Redstone
Arsenal, AL 35898; Carmen Davis 706-791-3956
Information Technology Specialist
Series/Grade: GS-2210-11
Location: Ft. Polk, La.
Announcement #: X-BL-03-4509-PO
Closing Date: Nov. 27, 2002
Contact: Department of Army, DEU, SC-CPOC Bldg 5304, DAPE-CP-SC-B-X,
Redstone Arsenal, AL 35898; Sondra Ogle 337-531-4020
Computer Engineer
Series/Grade: GS-854-7
Location: Bethesda, Md.
Announcement #: CIT-02-0066
Closing Date: Dec. 06, 2002
Contact: Health & Human Services, NIH, HR, 2NW04, 10401 Fernwood Road MSC
4809, Bethesda, MD 20892-4809; 301-496-6
Office of Surveillance & Biometrics Deputy Director
Series/Grade: GS-1530-15
Location: Montgomery, Md.
Announcement #: FDA-3-1007-SJS
Closing Date: Dec. 13, 2002
Contact: Health & Human Services, FDA, 2098 Gaither Road, Rm. 148,
Rockville, MD 20850; Pam Smith 301-827-1
Computer Engineer
Series/Grade: GS-854-13
Location: Ft. Monmouth, N.J.
Announcement #: ALG03149671
Closing Date: Dec. 17, 2002
Contact: Department of Army, NE Staff Div, 314 Johnson St., Aberdeen PG, MD
21005-5283; Venita J. Mitchell 310-306-0217
Computer Assistant
Series/Grade: GS-335-5
Location: Del Rio, Texas
Announcement #: 02NOV292189
Closing Date: Nov. 28, 2002
Contact: Department of Air Force, Pers, HQ AFPC/DPCTDC, 550 C St. West Ste.
57, Randolph AFB, TX 78159-4759; 800-699-4473
Statistician
Series/Grade: GS-1530-12/13
Location: Arlington, Va.
Announcement #: 02-45-0005
Closing Date: Nov. 25, 2002
Contact: Department of Justice, DEA, Pers, HQ Staffing Unit, Washington,
D.C. 20537; 202-353-7035
Computer Assistant
Series/Grade: GS-1550-14
Location: Suffolk, Va.
Announcement #: EX3160430SRF-NR
Closing Date: Dec. 06, 2002
Contact: Department of Navy, HRSC, Norfolk Naval Shipyard, Bldg. 17,
Portsmouth, VA 23709-5000; 757-396-7994
*********************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx